Missing Authorization in Travel Booking by wptravelengine
CVE-2026-32486
5.3MEDIUM
What is CVE-2026-32486?
The Travel Booking product by wptravelengine exhibits a missing authorization vulnerability, allowing attackers to exploit incorrectly configured access control security levels. This issue impacts users of Travel Booking, specifically versions up to and including 1.3.9, potentially granting unauthorized access to sensitive functionalities.
Affected Version(s)
Travel Booking 0 <= 1.3.9
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program